diff options
| author | Paul McMillan <Paul@McMillan.ws> | 2012-02-16 02:08:11 +0000 |
|---|---|---|
| committer | Paul McMillan <Paul@McMillan.ws> | 2012-02-16 02:08:11 +0000 |
| commit | c05930c858bdfe59dec5fa257dc05b614fa7320b (patch) | |
| tree | 5e713e70041080ecfe206e687198860dbcf13475 | |
| parent | ea8af819ab5348c7521c253e8e8f55efaeee181c (diff) | |
Added an explicit warning about cookie session store to release notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | docs/releases/1.4-beta-1.txt | 7 | ||||
| -rw-r--r-- | docs/releases/1.4.txt | 8 |
2 files changed, 15 insertions, 0 deletions
diff --git a/docs/releases/1.4-beta-1.txt b/docs/releases/1.4-beta-1.txt index a3b8ef07d5..37cc60e258 100644 --- a/docs/releases/1.4-beta-1.txt +++ b/docs/releases/1.4-beta-1.txt @@ -197,6 +197,13 @@ Django 1.4 introduces a new cookie-based backend for the session framework which uses the tools for :doc:`cryptographic signing </topics/signing>` to store the session data in the client's browser. +.. warning:: + + Session data is signed and validated by the server, but is not + encrypted. This means that a user can view any data stored in the + session, but cannot change it. Please read the documentation for + further clarification before using this backend. + See the :ref:`cookie-based session backend <cookie-session-backend>` docs for more information. diff --git a/docs/releases/1.4.txt b/docs/releases/1.4.txt index 1932b94fca..c55d6654c6 100644 --- a/docs/releases/1.4.txt +++ b/docs/releases/1.4.txt @@ -171,6 +171,14 @@ Django 1.4 introduces a cookie-based session backend that uses the tools for :doc:`cryptographic signing </topics/signing>` to store the session data in the client's browser. ++.. warning:: ++ ++ Session data is signed and validated by the server, but is not ++ encrypted. This means that a user can view any data stored in the ++ session, but cannot change it. Please read the documentation for ++ further clarification before using this backend. ++ + See the :ref:`cookie-based session backend <cookie-session-backend>` docs for more information. |
